But *nix doesn't get hacked! Surely it must have been a Windows machine that caused all the problems...

There were two problems, neither unix specific. One was a developer. He wrote two scripts that didn't properly sanitize their parameters. The other was a configuration problem that allowed php to be run in any directory that the web server could see.
____________

But *nix doesn't get hacked! Surely it must have been a Windows machine that caused all the problems...

Good one there OzzFan :)

UNIX *is* a hack. It evolved from a quick-and-dirty lab experiment that got loose, and security was never designed into it from the ground up. The same holds for the more popular UNIX staples like NFS: hack upon hack and no security to speak of under the hood. Compared to other OSes Unices are comparatively easy to compromise if one has access to a system login or if one can remotely convince a daemon to spawn a shell. UNIX is not the best OS out there, it is merely one of the less horrible ones.

Flamesuit: I'm a UNIX admin by trade.

AFAIK Unix evolved from the Multics project which was intended to be a secure OS but never met its design goals. Then two guys from Bell Labs took the basic Multics ideas and developed a small and working OS by the principle "keep it small keep it simple". The rest is history. Now about 90% of the top500 list run Linux (a UNIX clone) and other UNIX variants. Not bad for a "quick and dirty lab experiment".
Tullio

But *nix doesn't get hacked! Surely it must have been a Windows machine that caused all the problems...

There were two problems, neither unix specific. One was a developer. He wrote two scripts that didn't properly sanitize their parameters. The other was a configuration problem that allowed php to be run in any directory that the web server could see.

Ah, typical Apache problems.

So before any script gets deployed in the future, /dev/random gets piped to it? :)

More like: If anyone wants to deploy a script for personal use, they have to swallow /dev/random and then survive being thrown in /dev/null. Regardless of whether they survive or not, the answer is still "No!"
____________

I hate to throw another wrench into things, but there appears to be something wrong with the stats export for S@H: none of the stats websites have any record of the almost 7k of credits I've been awarded over the past three days...
____________

If this is not the appropriate thread, I'd like to know which one is. I've looked around and don't see anything.

I'm not getting new tasks. I had set up my preferences to maintain enough work for 2 days (perhaps overly optimistic?). For a brief shining moment, I had a bunch of tasks but those days are gone, my friend; we thought they'd never end. . . .

Some others suggested having a front-page announcement of the degree of up or down status, but I expect that that would not be good PR. Still, a thread here in Technical News or perhaps over in Number Crunching would allow folks to check if they could expect work units any time soon.

Yes, fixing is more to the point than reporting and after a long problem time there'll be an even longer busy time, but perhaps a message at the beginning of an actual outage and another at the end (barring busy time when the world is hitting for more WU) would suffice.